Method for providing wireless services

ABSTRACT

A method and system for providing distributed network access point installation and management. A network provider installs and/or operates a plurality of access points at locations of a retail entity. Each access point may provide services such as Internet access, and/or content such as audio, video, text, and/or graphics, among other types of services. A carrier, such as a telephone or cable company, may compensate the network service provider for installation and operation of the access points. The carrier may in turn charge its subscribers for network access at the retail entity locations. A plurality of different carriers may provide compensation and allow respective subscriber access. The network access points may be configured to allow each carrier to present a point of presence to its subscribers at the retail entity locations. The installed network may also provide service for retail entity back office functions.

BACKGROUND

1. Field of the Invention

This invention relates generally to wired and/or wireless network datacommunications, and more specifically to a system and method forinstalling and/or providing a network infrastructure in various retailentity locations to offer network services to support customers of oneor more carrier entities. The invention also relates to a businessmethod which enables installation and/or provision of wired and/orwireless network services in various retail entity locations.

2. Description of Related Art

Various types of wired and wireless infrastructures are being developedto service users of computing devices, such as portable computingdevices (PCDs). Currently, numerous network service providers areattempting to install wireless network infrastructures in variouslocations, such as airports, hotels, office buildings, shopping malls,fast-food restaurants, coffee shops, and/or fueling stations (e.g., gasstations, truck stops, etc.), among others, for use by various users,such as mobile users (MUs) of PCDs. Typically, most or all of the costsassociated with setting up and providing the service at these locationsis born by the network service provider. Furthermore, bearing thesecosts has proven difficult and even financially detrimental to variousnetwork service providers. Therefore, a new method is desired whichenables installation and maintenance of distributed network accesspoints without imposing financial burdens on a network service provider.

Each of a plurality of different network service providers may wish toprovide its own wireless local area network (WLAN). Typically, a WLANincludes one or more wireless access points which communicate in awireless fashion with a corresponding computing device of a user, whichtypically includes a wireless Ethernet transceiver. By way of example,IEEE 802.11 currently uses a System ID (SID) (e.g., a Service SetIdentifier and/or an Extended Service Set Identifier) to “select” whichWLAN to use and the wireless access point with which to associate.Elements of the wired and wireless infrastructure, including eachwireless access point, may be able to support a different WLAN for eachof the plurality of different network service providers. However, ingeneral, each of the plurality of different network service providersprovides its own access controller. In other words, the communicationsfrom a WLAN of a first wireless service provider are routed to an accesscontroller of the first network service provider. Even though there is anetwork infrastructure installed at each location of the retail entity,a second network service provider would install more equipment (e.g., atleast one more access controller) to also provide service to the usersof the second network provider. An access controller for each differentnetwork service providers may provide separate branding and/or allowauthentication schemes for each of the different network serviceproviders. This may produce several problems and/or complications. Forinstance, if the network infrastructure is installed at a location suchas a fast-food restaurant, space may be limited as to how much equipmentmay be present. Installing an additional access controller for eachadditional wireless service provider may not be feasible. This may alsoadd several costs. Not only may there be various up-front costs, theremay also be on-going additional costs associated with monitoring and/ormaintenance of additional equipment.

When multiple service providers install networking equipment at a retailentity location, other drawbacks may become present as well. Forexample, each location of the retail entity may have only one connectionto a network, such as the Internet. The connection may be with a DSL(digital subscriber line), a cable modem, a T-1, satellite connection,or other possibly limited connection. With the use of additional accesscontrollers, use of resources (e.g., bandwidth) of the connection to thenetwork or Internet may become unbalanced or congested. The retailentity itself may also desire to connect to the network or Internet. Theretail entity may desire a guarantee of resources of the networkconnection, such as a guarantee of a minimum bandwidth (e.g., 64kilobits per second) for certain critical “back office” applicationssuch as real-time credit-card transaction processing. The use ofmultiple access controllers may contribute to a complicatedimplementation, even if the implementation is possible.

In essence, rather than having each carrier or entity set up a separatephysical and network infrastructure, a single infrastructure can beutilized to provide multiple services to the entities and to provideservices to multiple entities.

Therefore, it would also be desirable to provide a system and methodwhich enables a common wireless network infrastructure (and especiallyan IEEE 802.11 wireless network infrastructure) and a single physicalaccess controller to be used by a network service provider to provideservices to different types of subscribers at a potentially much-reducedcost compared to installing and maintaining separate physical andnetwork infrastructures. This would allow a plurality of carriers toutilize a common set of access points at locations of a retail entity toprovide service to a potentially non-overlapping set of subscribers.This would also provide subscribers or users with the ability to morefully utilize the existing network infrastructure. It would further bedesirable to provide a distributed wireless network system which canselectively provide different access levels to users of the system.

SUMMARY OF THE INVENTION

Various embodiments are disclosed for providing and/or operating one ormore wired and/or wireless access points at a plurality of locations ofa retail entity. A network service provider may install the plurality ofwired and/or wireless access points. According to one embodiment, thenetwork service provider may provide network services, such as Internetaccess, through each of the wired and/or wireless access points. Inseveral embodiments, the wired and/or wireless access points arearranged at known geographic locations and may provide content,advertising, and/or promotions based on the geographic location of thewired and/or wireless access point or a geographic location of a mobileuser.

The network service provider may receive a payment from a first carrierentity for installation and/or operation of the one or more of wirelessaccess points at the locations of the retail entity. Thus, instead ofrequiring the network service provider to recover installation and/ormaintenance costs from usage of the wired and/or wireless access pointsover a lengthy amount of time, the network service provider may receivean up-front payment from one or more carrier entities. Since carrierentities already have a large installed base of subscribers, eachcarrier entity may be in a better position to recover the installationand/or maintenance costs through subscriber billing and usage. Thisprovides an improved business method and/or system for installing andmaintaining wired and/or wireless access points at various distributedlocations.

The network service provider may also receive a payment from the retailentity. The payment from the retail entity may be in addition to thepayment from the carrier entity. For example, the retail entity maydesire to offer various services through the wired and/or wirelessaccess points. The retail entity may desire to use other elementssupported by a network operated by the network service provider, such asvarious back office devices.

The retail entity may receive a payment from the carrier entity for thecarrier entity to offer services at a subset of or all of the locationsof the retail entity. Alternatively, the carrier entity may receivepayment from the retail entity for offering services at a subset of orall of the locations of the retail entity, since the offered services ofthe carrier entity at locations of the retail entity may provide theretail entity with increased customer visitation, e.g., includingopportunities to sell more goods and/or services to subscribers of thecarrier entity.

In one embodiment, the network service provider may receive and/or storeinformation associated with the payment from the first carrier entity ina computer system. The first carrier entity may offer network service tovarious of its subscribers through the one or more wired and/or wirelessaccess points. The first carrier entity may be telephone serviceprovider (e.g., a local telephone service, a cellular telephone service,or a long distance telephone service, among others), or the firstcarrier entity may be a television service provider (e.g., a cabletelevision, or a satellite television service, among others), and/or aninternet service provider. Other types of entities may also beconsidered.

A computer system operated by the first carrier entity may provideinvoices to its subscribers. The invoices may indicate a charge forwireless access at any or a subset of the plurality locations of theretail entity. For example, the carrier entity may already provideinvoices to its subscribers for certain pre-existing services such aslocal or long-distance telephone service and/or internet services. Thecarrier entity may add a charge for wired and/or wireless access at asubset or all of the retail entity locations to these pre-existingservice charges. Alternatively, the carrier entity may add the retailentity network access as a “free” service to its customers, in the hopesof enticing more customers to sign up or switch to the respectivecarrier.

In various embodiments, each subscriber of the first carrier entity mayuse a portable computing device to communicate with a wired and/orwireless access point of the one or more wired and/or wireless accesspoints. Alternatively, various ones of the retail entity locations mayprovide computers at the location for usage (e.g., locked down toprevent theft). Thus, subscribers of the first carrier entity may usethese provided computers. The network service provider may determine ifa user is a subscriber of the first carrier entity and provide networkaccess to the portable computing device of the user if the user isdetermined to be a subscriber. A username and password combination maybe used in determining if the subscriber is to be authenticated foraccess of service.

If the user is not a subscriber of the first carrier entity, the firstcarrier entity and/or the network service provider may request paymentfrom the user. The user may provide a payment to the first carrierentity, the retail entity, and/or the network service provider bysubmitting credit card information, among other types of information. Inone embodiment, a user who is not a subscriber of the carrier may usethe network by paying a small fee to the retail entity, e.g., a feeadded to his/her bill for a certain time period of network usage. Theamount paid by the user and/or the amount of time for network access maydepend on the amount of goods or services purchased by the user.

In several embodiments, the network service provider may receive apayment from each of multiple carrier entities for installation and/oroperation of the one or more of wired and/or wireless access points atthe plurality of locations of the retail entity. The network serviceprovider may provide a virtual point of presence for each of themultiple carrier entities at a subset or all of the plurality oflocations of the retail entity. In various embodiments, a singlephysical point of presence provided by the network service provider mayaccommodate subscribers of each of the multiple carrier entities byproviding a virtual point of presence each of the multiple carrierentities through the physical point of presence.

Each portable computing device of each subscriber may storeidentification (ID) information which may uniquely indicate a carrierentity of which the subscriber subscribes. The ID information may takevarious forms, such as a System ID (SID), MAC ID, or otheridentification which may be used to identify a carrier entity to whichthe subscriber has subscribed. As used herein, the SID may include anSSID (Service Set ID), a BSSID (Basic Service Set ID), or an ESSID(Extended Service Set ID), among others. When the portable computingdevice is within a vicinity of a wireless access point, the portablecomputing device may provide the ID information to the wireless accesspoint.

In various embodiments, each of the wireless access points is operableto “listen for” or detect ID information, e.g., System IDs, associatedwith numerous different carrier entities. In several embodiments, eachof the access points may be operable to broadcast requests foridentification information, e.g., broadcast System IDs to the portablecomputing devices, wherein the portable computing devices may respond tothis broadcast by providing the identification information. Broadcastsby wireless access points may be considered “beacons”.

In several embodiments, a wireless access point may include or accesssoftware which is executable to provide wireless access pointfunctionality for each of the multiple carrier entities. The softwaremay implement a “super access point” which maintains associationsbetween the multiple carrier entities and a corresponding plurality ofSIDs, such as MAC IDs, SSIDs, ESSIDs, etc. The wireless access point maybe capable of broadcasting and/or recognizing any of the plurality ofSIDS, behaving appropriately for different SIDS that are received fromportable computing devices of users, and providing network services toeach subscriber through that subscribers carrier virtual point ofpresence. A wireless access point may be operable to appear as any oneof a plurality of different carrier entities, meaning that a singlewireless access point may “pretend to be” or behave as a wireless accesspoint dedicated to a particular carrier entity for each of a pluralityof different carrier entities.

In various embodiments, a wireless access point provides a plurality ofvirtual wireless access points, where a virtual wireless access pointmay include wireless access point functionality implemented in softwarethat appears as a physical AP to a portable computing device. Theplurality of virtual wireless access points or “software” wirelessaccess points may be implemented on one or more physical wireless accesspoints, e.g., on a common set of physical wireless access points. Forexample, each physical wireless access point may implement a pluralityof virtual wireless access points. Each instance of a virtual wirelessaccess point executes a complete IEEE 802.11 protocol stack, and may beindistinguishable from a hardware wireless access point to any wirelessnetwork client(s). Each virtual wireless access point or “software”wireless access point may include its own ESSID or SSID, among otherIEEE 802.11 IDs, and may be uniquely associated with a carrier virtualpoint of presence.

In several embodiments, a network management device (NMD) may be used toprovide access control of services through a wireless access point. Eachof the plurality of different carrier entities may desire to providedifferent means of access control for its subscribers. In variousembodiments, software and/or information that may enable an NMD toaccommodate or service subscribers of a plurality of different carrierentities. The software and/or information may implement one or morevirtual points of presence. In one example, instead of using a separateNMD for each carrier entity supported at a location, the NMD may beoperable to appear as a point of presence to any one of a plurality ofdifferent carrier entity at the location, meaning that a single NMD may“pretend to be” or behave as a point of presence dedicated to aparticular carrier entity for each of a plurality of different carrierentities. Each virtual point of presence for each carrier entity may beconsidered a carrier virtual point of presence.

In various embodiments, each carrier virtual point of presence mayinclude a carrier-specific sign-in method. According to one embodiment,the carrier-specific sign-in method may include a set of web pagesavailable to a user before he or she is authenticated for furtherservice by a carrier entity. The web pages may include variousinformation about the carrier entity, maps, information about asurrounding area, an advertisement, a promotion, and/or sign-ininformation, among others. In one embodiment, the carrier-specificsign-in method may include a roaming sign-in method. For example, thecarrier entity may allow subscribers of another carrier entity to useservices of the carrier entity at various locations of the retailentity.

In several embodiments, the wireless service may provide wireless accessto employees of the retail entity. This access may include access of oneor more back office devices (e.g., cash registers, credit cardprocessing devices, etc.). For instance, an employee may use a wirelessdevice to place orders of customers.

Each of the APs may be coupled to an NMD through a local area network(LAN). Various portions of the LAN may include various “wired” and/orwireless elements. In various embodiments, the LAN supports a VLAN(Virtual LAN) protocol, such as IEEE 802.1(q). In order to partition thenetwork, the network system may maintain a binding between the ESSID orSSID and VLAN IDs/tags or equivalents. This may allow a common LAN(using VLAN-capable devices) to supply a secured “virtual LAN” to eachcarrier virtual point of presence of the NMD. In various embodiments,quality of service (QoS) (e.g., IEEE 802.1(p)) may be used to provideservice differentiation. According to one embodiment, a VLAN and a QoSmay be used in tandem. This may allow the network service provider toprovide service level agreements to various users, including bothsubscriber of the carrier entities and, for example, employees of theretail entity. In several embodiments, one or more back office devicesof the retail entity may use a network provided by the network serviceprovider. Moreover, traffic from the back office devices may beseparated from network traffic from subscribers of one or more carrierentities. The network architecture described herein may scale to supporthundreds of these carrier entities, and thousands of simultaneous usersand/or subscribers in each location.

BRIEF DESCRIPTION OF THE DRAWINGS

Other objects and advantages of the invention will become apparent uponreading the following detailed description and upon reference to theaccompanying drawings in which:

FIG. 1 is a flowchart diagram illustrating a method for providingnetwork services, according to various embodiments;

FIG. 2 is a diagram illustrating a plurality of locations of a retailentity, according to various embodiments;

FIG. 3A is block diagram of a network communication system, according tovarious embodiments;

FIG. 3B is block diagram of a network communication system, according tovarious embodiments;

FIG. 3C is block diagram of a network communication system, according tovarious embodiments;

FIG. 3D is block diagram of a network communication system, according tovarious embodiments;

FIG. 3E is block diagram of a network communication system, according tovarious embodiments;

FIG. 3F is block diagram of a network communication system, according tovarious embodiments;

FIG. 3G is block diagram of a network communication system, according tovarious embodiments;

FIG. 4 illustrates a flowchart diagram of a user using a portablecomputing device at a location of a retail entity, according to variousembodiments;

FIG. 5A is block diagram of the network communication system which usesvirtual access points and virtual points of presence, according tovarious embodiments;

FIG. 5B is block diagram of the network communication system which usesvirtual access points and virtual points of presence, according tovarious embodiments;

FIG. 6A is block diagram of various portable computing devices using thenetwork communication system which uses virtual access points andvirtual points of presence, according to various embodiments;

FIG. 6B is block diagram of various portable computing devices using thenetwork communication system which uses virtual access points andvirtual points of presence, according to various embodiments; and

FIG. 7 illustrate a flowchart diagram of a plurality of a portablecomputing devices using the network system at a location of a retailentity, according to various embodiments.

While the invention is susceptible to various modifications andalternative forms, specific embodiments thereof are shown by way ofexample in the drawings and will herein be described in detail. Itshould be understood, however, that the drawings and detaileddescription thereto are not intended to limit the invention to theparticular form disclosed, but on the contrary, the intention is tocover all modifications, equivalents and alternatives falling within thespirit and scope of the present invention as defined by the appendedclaims.

DETAILED DESCRIPTION

Incorporation by Reference

U.S. Pat. No. 5,835,061, titled “Method and Apparatus forGeographic-Based Communications Service”, whose inventor is Brett B.Stewart, is hereby incorporated by reference in its entirety as thoughfully and completely set forth herein.

U.S. Pat. No. 5,969,678, titled “System for Hybrid Wired and WirelessGeographic-Based Communications Service”, whose inventor is Brett B.Stewart, is hereby incorporated by reference in its entirety as thoughfully and completely set forth herein.

U.S. patent application Ser. No. 09/433,817 titled “Geographic BasedCommunications Service” and filed on Nov. 3, 1999, whose inventors areBrett B. Stewart and James Thompson, is hereby incorporated by referencein its entirety as though fully and completely set forth herein.

U.S. patent application Ser. No. 09/433,818 titled “A NetworkCommunications Service with an Improved Subscriber Model Using DigitalCertificates” and filed on Nov. 3, 1999, whose inventors are Brett B.Stewart and James Thompson, is hereby incorporated by reference in itsentirety as though fully and completely set forth herein.

U.S. Pat. No. 6,732,176, titled “Distributed Network CommunicationSystem Which Enables Multiple Network Providers To Use A CommonDistributed Network Infrastructure”, whose inventors are Brett B.Stewart, James Thompson, and Kathleen E. McClelland, is herebyincorporated by reference in its entirety as though fully and completelyset forth herein.

U.S. patent application Ser. No. 09/551,309 titled “System and Methodfor Managing User Demographic Information Using Digital Certificates”and filed on Apr. 18, 2000, whose inventors are Brett B. Stewart andJames Thompson, is hereby incorporated by reference in its entirety asthough fully and completely set forth herein.

U.S. patent application Ser. No. 09/556,380 titled “System and Methodfor Operating a Reverse Firewall” and filed on Apr. 25, 2000, whoseinventors are Brett B. Stewart and James W. Thompson, is herebyincorporated by reference in its entirety as though fully and completelyset forth herein.

U.S. patent application Ser. No. 09/638,282 titled “System and Methodfor Distributing Offer Rules in a Communication Service System” andfiled on Aug. 14, 2000, whose inventors are Brett B. Stewart and JamesThompson, is hereby incorporated by reference in its entirety as thoughfully and completely set forth herein.

U.S. patent application Ser. No. 09/707,729 titled “System and Methodfor Providing Different Access Levels in a Communication Service System”and filed on Nov. 11, 2000, whose inventors are Brett B. Stewart, JamesThompson and Kathleen E. McClelland, is hereby incorporated by referencein its entirety as though fully and completely set forth herein.

U.S. patent application Ser. No. 09/767,374 titled “Distributed networkcommunication system which allows multiple wireless service providers toshare a common network infrastructure” and filed on Jan. 22, 2001, whoseinventors are James Thompson, Kathleen E. McClelland, and Brett B.Stewart, is hereby incorporated by reference in its entirety as thoughfully and completely set forth herein.

U.S. Provisional Patent Application Ser. No. 60/383,827 titled “Roaming”and filed on May 29, 2002, whose inventors are James D. Keeler andMatthew M. Krenzer, is hereby incorporated by reference in its entiretyas though fully and completely set forth herein.

U.S. patent application Ser. No. 10/341,761 titled “AUTHORIZATION ANDAUTHENTICATION OF USER ACCESS TO A DISTRIBUTED NETWORK COMMUNICATIONSYSTEM WITH ROAMING FEATURES” and filed on Jan. 14, 2003, whoseinventors are James D. Keeler and Matthew M. Krenzer, is herebyincorporated by reference in its entirety as though fully and completelyset forth herein.

U.S. patent application Ser. No. 10/387,337 titled “SYSTEM AND METHODFOR USER ACCESS TO A DISTRIBUTED NETWORK COMMUNICATION SYSTEM USINGPERSISTENT IDENTIFICATION OF SUBSCRIBERS” and filed on Mar. 11, 2003,whose inventors are James D. Keeler, Ian M. Fink, and Matthew M.Krenzer, is hereby incorporated by reference in its entirety as thoughfully and completely set forth herein.

U.S. Provisional Patent Application Ser. No. 60/454,212 titled “ChitCode System and Method for Authentication and Access Control” and filedon Mar. 11, 2003, whose inventors are Ian M. Fink and James D. Keeler,is hereby incorporated by reference in its entirety as though fully andcompletely set forth herein.

U.S. patent application Ser. No. 10/442,526 titled “User Fraud Detectionand Prevention of Access to a Distributed Network Communication System”and filed on May 21, 2003, whose inventors are Ian M. Fink and James D.Keeler, is hereby incorporated by reference in its entirety as thoughfully and completely set forth herein.

U.S. patent application Ser. No. 10/797,430 titled “Method and Systemfor Providing Network Access and Services Using Access Codes” and filedon Mar. 10, 2004, whose inventor is Ian M. Fink, is hereby incorporatedby reference in its entirety as though fully and completely set forthherein.

FIG. 1—Set-Up

FIG. 1 illustrates a method for providing network services, according tovarious embodiments. It is noted that in various embodiments one or moreof the method elements may be performed concurrently, in a differentorder, or be omitted. Additional elements may be performed as desired.

At 50, a network service provider (NSP) may install one or more wiredand/or wireless access points (APs) 120 at one or more locations,typically a plurality of locations, of a retail entity. Each accesspoint (AP) 120 may be coupled to a network, such as a network 130described below. The retail entity may use services provided by APs 120and/or network 130. For example, back office devices, such as cashregisters and/or credit card processing devices, may be coupled tonetwork 130 and use services provided by network 130.

In various embodiments, the NSP may receive compensation (e.g., apayment) from a carrier, at 55. As used herein, the term “carrier” or“carrier entity” is intended to include any of various entities involvedwith the transport of voice, audio, video, and/or data, including atelephone company, a long distance service provider, a cellulartelephone company, a satellite telephone company, a voice over Internetprotocol (VoIP) telephone company, and/or a cable television provider,among others. The compensation may be received as a lump sum or receivedover a period of time (e.g., six months, one year, 5 years, etc.). Thus,the NSP may receive compensation for installing, operating, and/ormaintaining APs 120 and/or other networking equipment.

In several embodiments, the NSP may also receive compensation (e.g., apayment) from the retail entity. For example, the retail entity maydesire to offer various services through APs 120. The retail entity maydesire to use one or more devices supported by network 130, such asvarious back office devices described above. According to oneembodiment, the NSP may receive compensation from the retail entity inaddition to compensation from the carrier entity.

In one embodiment, the retail entity may receive a payment from thecarrier entity for the carrier entity to offer services at a subset ofor all of the locations of the retail entity. Thus, in this embodiment,the retail entity may pay both the NSP and the carrier entity.

According to another embodiment, the carrier entity may receive paymentfrom the retail entity for offering services at a subset of or all ofthe locations of the retail entity. For example, the offered services ofthe carrier entity at locations of the retail entity may provide theretail entity with opportunities to attract more customers, e.g., tosell goods and/or services to subscribers of the carrier entity. Theretail entity may also provide a payment to the NSP, in addition to thepayment from the carrier entity to the NSP.

In some embodiments, the NSP may store information associated withvarious compensations in a computer system. In various examples, the NSPmay store a record of a payment in a database (e.g., an accountingdatabase); the NSP may receive a payment from the carrier and/or theretail entity via electronic transfer of funds; or the NSP may receive acheck from the carrier and/or the retail entity. The NSP may deposit thecheck in a bank account, and a bank may electronically update the bankaccount to account for the check deposit.

The carrier may charge its customers for use of the APs 120 at variousretail entities. In various embodiments, the carrier may providestatements, invoices, and/or bills on a periodic basis to itssubscribers, at 60. In some embodiments, subscribers may be consideredcustomers of the carrier, wherein the subscribers of the carrier have apre-existing billing and/or contractual relationship with the carrier.For instance, a carrier such as a telephone company may provide monthlyinvoices to users of its telephone service. The carrier may bundleaccess and/or services provided by APs 120 with a customer and/orsubscriber bill. Services provided by APs 120 may be itemized on a bill.Bills for services provided by APs 120 may be included in bills forother services, such as long distance telephone service, local telephoneservice, cable television service, and/or broadband service, amongothers.

The carrier may also provide access and/or services of APs 120 as anamenity or value-added service (e.g., free service) for being asubscriber of the carrier. Thus, access and/or services of APs 120 maybe provided for being a subscriber of a long distance service orcellular telephone provider, among others. Alternatively, access and/orservices of APs 120 may be provided to bank account holders who haveaccess to online bill paying and/or free checking, among others.

In several embodiments, a customer of the carrier may be considered awalk-up customer, where the customer may provide compensation (e.g., apayment) to the carrier in an ad hoc fashion. In some embodiments, thecarrier may share the compensation from the walk-up customer. Forexample, the carrier may share the compensation with the retail entityand/or the network provider. If other carriers are available at thelocation of the walk-up customer, the carrier may share the compensationwith various of the other carriers available at the location of thewalk-up customer.

In some embodiments, a walk-up customer may become a subscriber of oneor more services of the carrier. For example, the network may provide aweb page (such as a forced first page (FFP)) that provides informationon how a walk-up customer may sign up to become a subscriber of thecarrier. The walk-up customer may register or sign-up for a monthly ormonth-to-month subscription, among other types of subscriptions, withthe carrier. The carrier may share revenue from the subscription withthe retail entity and/or the network service provider. If other carriersare available at the location of the walk-up customer, the carrier mayshare the revenue with various of the other carriers available at thelocation of the walk-up customer.

In various embodiments, the NSP may (also) receive compensation from acarrier over a period of usage, such as a perpetual period of time, forongoing management and maintenance of the network. This compensation maybe a periodic fee. For example, the NSP may receive monthly paymentsfrom the carrier for allowing one or more customers and/or subscribersof the carrier to access APs 120. The retail entity may also receiveongoing compensation from a carrier for allowing one or more customersand/or subscribers of the carrier to access APs 120. For example, theretail entity may receive monthly payments from the carrier for allowingone or more customers and/or subscribers of the carrier to access APs120.

FIG. 2—Locations of a Retail Entity

In various examples, a retail entity may comprise: a chain fast-food ofrestaurants; a chain of hotels; a chain of fueling stations (e.g., gasstations, truck stops, etc.); a chain of convenience stores; a chain ofdiscount stores or “super centers” (e.g., Wal-Mart®, K-Mart®, etc.);and/or a chain of coffee shops; among other types of retail entities. Aretail entity may also comprise various combinations of different retailentities who have joined together to offer network services, perhaps toprovide joint branding or economies of scale.

In various embodiments, a retail entity may include a plurality oflocations in one or more geographic regions. For example, the retailentity may include locations 175A-175D in a geographic region 178A asillustrated in FIG. 2. A geographic region may be of any size and/orshape. In some embodiments, the retail entity may own each businesslocation, such as locations 175A-175H. In various embodiments, a portionof the business locations may be franchises. For instance, the retailentity may include franchise locations in geographic regions 178B-178C.

FIG. 3—A Network Communications System

FIGS. 3A-3G illustrate a distributed network communication system (NCS)100, according to various embodiments. NCS 100 may include one or moreAPs 120, wherein the APs 120 may be installed in various retail entitylocations as described above. The wireless APs 120A-120B may communicatewith a portable computing device (PCD) 110 in a wireless fashion, whilethe wired APs 120C-120D may communicate with PCD 110 in a wired fashion.Each wireless access point (AP) 120 may include a wireless transceiverand may operate according to various wireless standards, such aswireless Ethernet (IEEE 802.11), IEEE 802.16, Bluetooth, General PacketRadio Service (GPRS), CDMA (code division multiple access), TDMA (timedivision multiple access), FDMA (frequency division multiple access),ultra wide band, digital, and/or infrared communication technologies,among others.

Each of the APs 120 may be coupled to a network 130A. Network 130A maybe coupled to a network management device (NMD) 105. NMD 105 may becoupled to network 130B. WANs 107A-107B, corporate networks 101A-101B,and/or Internet 170 may be coupled to network 130B. In variousembodiments, NMD 105 may provide authentication and/or access controlfrom one or more PCDs 110 coupled to network 130A through an AP 120 tothe various WANs 107, local area networks (LANs), and corporate networks101, including the Internet 170. Thus, NMD 105 may be coupled to a PSTN,e.g., Ethernet cable and DSL; a cable (television) based network; asatellite-based system; a fiber based network; among others.

Network 130 (including 130A-130G) may include a wired network, awireless network or a combination of wired and wireless networks.Network 130 may include and/or be coupled to other types ofcommunications networks, (e.g., other than the Internet) such as apublic switched telephone network (PSTN), where APs 120 and/or PCD 110may send and receive information from/to the PSTN or other communicationnetworks. Network 130 may also be coupled to a wide area network (WAN),such as a proprietary WAN. Network 130 thus may be, or be coupled to,any of various wide area networks (WANs), local area networks (LANs),corporate networks, including the Internet.

Network 130 (including 130A-130G) may include one or more wirelessnetworks, e.g., based on IEEE 802.11 and/or IEEE 802.16. For instance,one or more wired and/or wireless APs 120 may be coupled to network 130Ain a wireless fashion. Network 130A may include one or more DSL (digitalsubscriber line) and/or cable (e.g., cable television) networks and/orinfrastructures. For example, network 130A may include one or more of:cable modems, cable modem termination systems (CMTSs), satellite modems,DSL modems, digital subscriber line access multiplexers (DSLAMs),broadband remote access servers (BRASs), and/or metropolitan areanetworks (MANs), among others. Network 130 may form part of theInternet, or may couple to other networks, e.g., other local or widearea networks, such as the Internet 170. Thus, APs 120 in various retailentity locations may be coupled together using a PSTN, e.g., Ethernetcable and DSL; a cable (television) based network; a satellite-basedsystem; and/or a fiber based network; among others.

In various embodiments, access to these networks may include any“services” these networks may provide. For example, these services mayinclude: email, world wide web, file transfer, printing, file sharing,file system sharing, remote file system, network file system (NFS),news, multicast, netbios, encryption, domain name service (DNS),routing, tunneling, chat such as Internet Remote Chat or AOL InstantMessenger, gaming, licensing, license management, digital rightsmanagement, network time, remote desktop, remote windowing, audio,database (e.g., Oracle, Microsoft SQL Server, PostgreSQL, etc.),authentication, accounting, authorization, virtual local area network(VLAN) (e.g., IEEE 802.1(q), virtual private network or VPN, audio,phone, Voice Over Internet Protocol (VoIP), paging, or video, amongothers.

NCS 100 may include one or more content providers 160. In oneembodiment, content provider 160A may be coupled to network 130A.According to one embodiment, content provider 160B may be coupled tonetwork 130B, e.g., through Internet 170. In various embodiments,content provider 160 may provide information such as audio, video, text,pictures, and/or maps among others. For example, the information couldbe based on a geographic location of a PCD 110 and/or an AP 120. Forinstance, a location of AP 120 may be provided to content provider 160,and content provider 160 may provide geographic based advertising;geographic based travel information; or display a map to PCD 110 whichshows an area in the vicinity of PCD 110. Some or all of the content maybe pre-distributed to a local cache device 162 (such as a computer harddrive or other memory media) to facilitate faster local access to saidcontent and to minimize delays and/or costs of transmitting said contentthrough network 130B.

The content may be based on the retail entity and current promotions ofthe retail entity. For example, the content may be entertainment typecontent to entice customers into the retail entity locations. Forexample, for a fast food restaurant, such as a McDonalds®, content maybe provided that is geared to children, such as games based on currentMcDonalds® promotions or themes, etc. In one embodiment, network accessto this type of enticement content may be given freely to purchasingcustomers to entice them to visit the retail location. This type ofnetwork content may be provided in lieu of traditional “plastic toys” orother items routinely given out to children in these restaurants.

In one embodiment, content provider 160 may provide content that may beused by the business itself, e.g., content to train employees of theretail entity or provide necessary business information. According toone embodiment, content provider 160 may provide content that may beused to train employees of a carrier. In several embodiments, NMD 105may include content provider 160 or the content and functionality ofcontent provider 160. A portion or all of said content may be cached ona local cache device 162.

NCS 100 may include a management information base (MIB) 150. MIB 150 maybe coupled to network 130A. MIB 150 may be a mechanism, such as amemory, which may allow the persistent storage and management ofinformation needed by network 130A to operate. In one embodiment, MIB150 may store a data structure, such as a table comprising a list ofidentification information and a corresponding list of the plurality ofpossible networks and/or services. The data structure may also storeaccess information, which may include associated methods for providingdata to/from the respective plurality of possible networks and/orservices. The access information may include access level and/orprivilege level information. The data structure may include a tablehaving a plurality of tuples, with each tuple having the identificationinformation. According to one embodiment, the data structures whichstore this information may be included in each of the APs 120, or may beprovided in various other locations.

MIB 150 may store other information, such as a directory of all theelements (e.g., access points, computing devices, etc) in the network,the topology of the network, characteristics of individual networkelements, characteristics of connection links, performance and trendstatistics, and any information which is of interest in the operation ofnetwork 130A. For example, MIB 150 may store the precise longitude,latitude, altitude and other geographic information pinpointing thelocation of each access point.

In several embodiments, NMD 105 may be a computer system operable toinclude MIB 150, network 130A, various networking equipment, and/or oneor more APs 120, among others.

A user operating PCD 110 may communicate with one of the APs 120 to gainaccess to a network and its services, such as Internet 170. PCD 110 mayhave a wireless communication device, e.g., a wireless Ethernet card,for communicating with one or more of the wireless APs 120. PCD 110 mayinstead have a wired communication device, e.g., an Ethernet card, forcommunicating with one or more of the wired APs 120.

In several embodiments, PCD 110 may be any of various types of devices,including a computer system, such as a portable computer, a personaldigital assistant (PDA), an Internet appliance, a communications device,or other wired or wireless device. PCD 110 may include various wirelessor wired communication devices, such as a wireless Ethernet card, paginglogic, RF (radio frequency) communication logic, a wired Ethernet card,a modem, a DSL device, an ISDN device, an ATM (asynchronous transfermode) device, a parallel or serial port bus interface, or other type ofcommunication device.

In various embodiments, PCD 110 may include a memory medium which storesidentification information. The identification information may be aSystem ID (an IEEE 802.11 System ID), a processor or CPU ID, a MediaAccess Control (MAC) ID of a wireless or wired Ethernet device comprisedin the PCD 110, or other type of information that identifies PCD 110.The identification information may be included in a digital certificate(e.g., an X.509 certificate), which may be stored in a web browser, in aclient software, or in a memory medium of PCD 110.

With wireless APs 120, the wireless communication may be accomplished ina number of ways. In one embodiment, PCD 110 and wireless APs 120 areequipped with appropriate transmitters and receivers compatible in powerand frequency range (e.g., 900 MHz, 2.4 GHz, 3.6 GHz, 5 GHz, amongothers) to establish a wireless communication link. Wirelesscommunication may also be accomplished through cellular, digital, orinfrared communication technologies, among others. To provide useridentification and/or ensure security, PCD 110 and/or wireless APs 120may use any of various security systems and/or methods.

With wired APs 120, the wired connection may be accomplished through avariety of different ports, connectors, and/or transmission mediums. Forexample, PCD 110 may be connected through an Ethernet, universal serialbus (USB), FireWire (IEEE 1394), serial, or parallel transmissioncables, among others. PCD 110 may also include various communicationdevices for connecting to one of the wired APs 120, such as wiredEthernet cards, modems, DSL adapters, ATM adapters, IDSN devices, orother communication devices. In one example, a hotel, such as location175A, may have Ethernet connections in the restaurants, shops, meetingrooms, and/or guest rooms. In a second example, a fast-food restaurantand/or a coffee shop, such as location 175B, may have both wireless andwired connections for mobile users. A user may connect to a wired AP120C through the use of a laptop computer (PCD 110), an Ethernet networkcard, and a network cable. This connection may have the same impact as aconnection made to a wireless AP 120B. In other words, a user using awired PCD 110 may be able to use various network infrastructures in thesame manner as a user using a wireless PCD 110.

In various embodiments, NCS 100 may be geographic-based. In other words,the NCS 100 may provide information and/or services to a PCD 110 of auser based at least partly on the geographic location of the PCD 110,e.g., as indicated by APs 120 or as indicated by geographic information(e.g., GPS information, fast-food restaurant or coffee shop location,room identification or number, among others) provided from PCD 110. Inone embodiment, APs 120 are arranged at known geographic locations andmay provide geographic location information regarding the geographiclocation of the user or PCD 110. According to one embodiment, PCD 110may provide geographic location information of the PCD 110 through an AP120 to network 130A. For example, the PCD 110 may include GPS (GlobalPositioning System) equipment enabling PCD 110 to provide its geographiclocation through the AP 120 to network 130A.

In some embodiments, a retail entity computing device (RECD) 111 may becoupled to network 130A. Retail entity computing device (RECDs)111A-111B may be coupled to network 130A in a wired fashion while RECD111C may be coupled to network 130A in a wireless fashion by wireless AP120, as shown in FIG. 3B.

A retail entity may provide RECDs 111 at various locations of the retailentity. RECDs 111 may be used by customers of the retail entity toaccess content and/or network services offered at the various locations.In several embodiments, the retail entity may distribute access codes,and the access codes may be used to authenticate a user for service. Forexample, an access code may be used to authenticate a user for access toInternet 170. The RECDs 111 may be “locked down” to prevent theft.

The retail entity may distribute access codes to access content throughRECDs 111. For example, a customer of the retail entity may receive anaccess code and use the access code with RECD 111B to access contentfrom content provider 160A and/or 160B. In various examples, the contentmay include audio, video, maps, pictures, and/or text, among others. Forinstance, the content may include a movie trailer, a music video, and/ora computer-implemented game, web pages, graphics, digital magazines,among others. Some or all of said content may be cached on a local fileserver 162. Said content cache may be updated, replaced, or added tobased on various factors including, but not limited to, the date of thecontent (e.g. digital magazines and/or digital newspapers may be updatedonce/day or once/week), the local demographics or local areaattractions, size of the data, available bandwidth for download, orother scheduled mechanism for updating the cached content.

In several embodiments, access codes to content may be provided tocustomers with a purchase of goods and/or services. For example, acustomer may receive an access code to download a computer-implementedgame. The computer-implemented game may be downloaded to PCD 110, forinstance. The access code to download a computer-implemented game may bedistributed instead of a toy or trinket that may have accompanied apurchase of a meal. The computer-implemented game may include one ormore digital rights management schemes. For instance, a digital rightsmanagement scheme may provide protection against further distribution ofthe computer-implemented game, e.g., not allowing distribution of thecomputer-implemented game to another computing device after it isdownloaded. A digital rights management scheme may allow thecomputer-implemented game to only be played at a location of the retailentity.

In several embodiments, NMD 105 may service a single location. Invarious embodiments, NMD 105 may service a plurality of locations 175,as shown in FIG. 3C. For instance, each of the venues 175A-175D mayinclude a portion of NCS 100. In one embodiment, a plurality of venues,such as venues 175C-175D, may include a physical portion of NCS 100where the physical portion, such as wireless AP 120A, is common to bothvenues. The physical portion of NCS 100 may appear as more than oneportion in a virtual fashion with the use of virtual access points asfurther described below.

In various embodiments, NCS 100 may include and/or use various virtuallocal area networks (VLANs) 117, as shown in FIG. 3D. In severalembodiments, a back office device (BOD) 102 may be coupled to network130A. For example, a BOD 102 may include a cash register, or a BOD 102may include point of sale (POS) terminal with a credit card readingmechanism. The POS terminal may be configured to contact a clearinghousethrough a network to debit one or more credit or debit card accounts.The POS terminal may include other mechanisms to identify a customerand/or customer account information. The POS terminal may include asmart card reader. For instance, the smart card reader may be used toread bank account information from a smart card. The POS terminal mayinclude a radio frequency identification (RFID) reader. For instance, anRFID may indicate account information of a customer.

In several embodiments, information may be communicated to and from BOD102 through network 130A using a VLAN 117A. For example, BODs 102A-102Cmay communicate with NMD 105 through VLAN 117A. For instance, it may bedesirable to separate communications from BODs 102A-102C from othernetwork elements, such as wireless AP 120. According to one embodiment,wireless AP 120 may use VLAN 117B to communicate with NMD 105. UsingVLANs 117A-117B, NMD 105 and network 130A may allow any informationcommunicated to and/or from a BOD 102 to not be available throughwireless AP 120. This may effectively create or produce private andpublic portions of network 130A.

In several embodiments, network 130 may support bandwidth shaping ortraffic shaping. According to one embodiment, a data rate or packet ratemay be reserved for one or more computer systems at location 175. Forexample, a BOD 102 may be able to use a data rate 728 kilobits persecond (kbps) to transmit information to Internet 170 while a PCD 110may only be able to use 128 kbps to transmit information to Internet170. In one embodiment, traffic shaping may “deburst” or smooth trafficflows. For example, without traffic shaping, packets traversing network130 may be: ten packets in a first second, 0 packets in a second second,and twenty packets in a third second. With traffic shaping, the thirtypackets may traverse network 130 at ten packets per second, and morethan three second may transpire before all thirty packets traversenetwork 130.

In various embodiments, network 130 may support IEEE 802.1p, whichprovides various quality of service (QoS) or class of service (CoS).This may enable network 130 to enforce certain predefined quality ofservice metrics to any given port or virtual port included withinnetwork 130. For instance, using QoS, network 130 may be operable toprioritize traffic and/or perform dynamic multicast filtering. In oneembodiment, an IEEE 802.1p header may include a three-bit field forprioritization. For instance, this may allow network 130 to group datapackets into various traffic classes. For example, using a three-bitfield for prioritization may establish eight levels of priority. Network130 may be configured with any prioritization mapping. In oneembodiment, a prioritization mapping may be stored in memory coupled tonetwork 130, such as MIB 150, among others.

In several embodiments, a prioritization mapping may include a three-bitnumber (e.g., 000 through 111 in binary or, equivalently, 0 through 7 indecimal) associated with a priority level. In one instance,network-critical traffic such as a Routing Information Protocol (RIP)(e.g., RIP version 2) and/or an Open Shortest Path First (OSPF) tableupdates may be given a highest priority. For example, the highestpriority may be seven in the prioritization mapping. Delay-sensitiveapplications such as interactive video and/or voice may be associatedwith moderately high priority values of five or six in theprioritization mapping. Other traffic or data classes may range fromstreaming multimedia and/to business-critical traffic, such as trafficfrom a database, down to “loss eligible” traffic. The streamingmultimedia and/to business-critical traffic may be associated withmoderate priority values around five or four in the prioritizationmapping while the loss eligible traffic may be associated with a valueof zero in the prioritization mapping. For example, a zero value may beused as a default. For instance, a zero value may be invokedautomatically when no other value has been set.

In various embodiments, network 130 may use VLANs and QoS in tandem(e.g., IEEE 802.1q and IEEE 802.1p in tandem). In one embodiment, a VLANtag may include two parts, a twelve-bit VLAN ID and a three-bitprioritization. In one example, this may allow network 130 to support aplurality of priority levels for a plurality of VLANs. In a secondexample, this may allow network 130 to support a plurality of prioritylevels within one or more VLANs.

In several embodiments, network 130 and/or NMD 105 may providepolicy-based routing from one or more computer systems to one or morenetworks. For example, an employee of the retail entity may use a PCD110C. PCD 110C may be coupled to network 130A. For instance, PCD 110Cmay be coupled to network 130A through wireless AP 120. In one instance,the employee may use PCD 110C to communicate a computer system of retailentity, such as a retail entity gateway device 108 (e.g., a router, avirtual private network device, a VPN tunnel terminator or endpoint,etc.). NMD 105 and/or network 130A may route the communication to a VPNassociated with retail entity gateway device 108. In a second instance,the employee may use PCD 110C to communicate a BOD 102A. NMD 105 and/ornetwork 130A may route the communication to BOD 102A. For example, PCD110C may interface with BOD 102A to place an order for food and/orbeverages. In a third instance, the employee may use PCD 110C tocommunicate a web server available through Internet 170. NMD 105 and/ornetwork 130A may route the communication to Internet 170.

In several embodiments, NCS 100 may allow a NMD 105 may communicate witha retail entity gateway device 108 using one or more secure systemsand/or methods. FIG. 3E illustrates NMDs 105A-105C communicates with aVPN concentrator 106, according to various embodiments. In oneembodiment, each NMD 105A-105C communicates with VPN concentrator 106using VPNs 118A-118C, respectively. In one example, each VPN 118 mayinclude an IPSec, GRE, PPTP, IP over IP, or other tunnel (or acombination of tunneling technologies to achieve desired connectivityand routing of data). In various embodiments, VPN concentrator 106 mayinclude one or more computer systems and/or one or more routers.According to one embodiment, VPN concentrator 106 may allowcommunication of information to and from retail entity gateway device108 through a VPN 119. For instance, VPN 119 may include an IPSectunnel.

In various embodiments, NCS 100 may include one or more VPNconcentrators 106 which may be distributed in one or more geographicregions, as shown in FIG. 3F. For example, VPN concentrators 106A-106Cmay provide communication service with NMDs in geographic regions178A-178C, respectively. For instance, each of the VPN concentrators106A-106C may use VPNs 119A-119C, respectively, to communicate withretail entity gateway device 108.

In several embodiments, various BODs 102 distributed throughout one ormore geographic regions may be available through VPN concentrators 106,VPNs 119, VPNs 108, and NMDs 105. In one embodiment, a first BOD 102 maybe coupled to a first NMD 105, and a second BOD 102 may be coupled to asecond NMD 105. The first and second BODs 102 may communicate in witheach other in a secure fashion. According to one embodiment, each BOD102 may be associated with a private address, such as a private internetprotocol (IP) address. For example, each BOD 102 may be reached oravailable through its private address.

In various embodiments, NCS 100 may include networks 130E-130G, as shownin FIG. 3G. Each of the networks 130E-130G may be coupled to a network,such as Internet 170. NCS 100 may include AAA servers 710A-710C coupledto networks 130E-130G, respectively. NCS may include AAA interfaceservers 720A-720C coupled to networks 130E-130G, respectively. NCS 100may include membership server 730A coupled to network 130E andmembership server 730B coupled to network 130G. NCS 100 may includecredit card processing server 740A coupled to network 130E and creditcard processing server 740B coupled to network 130G. These servers maybe located in various locations. In various examples, AAA server 710C,AAA interface server 720C, membership server 730B, and credit cardprocessing server 740B may be located at a carrier location 707; AAAserver 710B and AAA interface server may be located at a roaming partnerlocation 705; AAA server 710A, AAA interface server 720A, membershipserver 730A, and credit card processing server 740A may be located at anetwork service provider location 700; or other configurations may beused as well.

Memory Medium and Carrier Medium

One or more of the systems described above, such as PCDs 110, APs 120,BODs 102, MIB 150, content providers 160, and NMDs 105 may include amemory medium on which computer programs or data according to thepresent invention may be stored. For example, each of the APs 120 and/orMIB 150 may store a data structure as described above comprisinginformation regarding identification information, correspondingnetworks, and access information such as associated data routingmethods. Each of the APs 120 and/or MIB 150 may further store a softwareprogram for accessing these data structures and using the informationtherein to properly provide or route data between personal computingdevices and networks, or to selectively provide or route data dependingon the access information.

The term “memory medium” is intended to include various types of memoryor storage, including an installation medium, e.g., a CD-ROM, or floppydisks, a random access memory or computer system memory such as DRAM,SRAM, EDO RAM, Rambus RAM, NVRAM, EPROM, EEPROM, flash memory etc., or anon-volatile memory such as a magnetic media, e.g., a hard drive, oroptical storage. The memory medium may comprise other types of memory aswell, or combinations thereof. In addition, the memory medium may belocated in a first computer in which the programs are executed, or maybe located in a second different computer which connects to the firstcomputer over a network. In the latter instance, the second computerprovides the program instructions to the first computer for execution.The memory medium may also be a distributed memory medium, e.g., forsecurity reasons, where a portion of the data is stored on one memorymedium and the remaining portion of the data may be stored on adifferent memory medium. Also, the memory medium may be one of thenetworks to which the current network is coupled, e.g., a SAN (StorageArea Network).

Also, each of the systems described above may take various forms,including a personal computer system, mainframe computer system,workstation, network appliance, Internet appliance, personal digitalassistant (PDA), an embedded computer system, television system or otherdevice. In general, the term “computer system” can be broadly defined toencompass any device having a processor which executes instructions froma memory medium.

The memory medium in one or more of the above systems thus may store asoftware program or data for performing or enabling access or selectivenetwork access. A CPU or processing unit in one or more of the abovesystems executing code and data from a memory medium comprises a meansfor executing the software program according to the methods orflowcharts described below.

Various embodiments further include receiving or storing instructionsand/or data implemented in accordance with the present description upona carrier medium. Suitable carrier media include memory media asdescribed above, as well as signals such as electrical, electromagnetic,or other forms of analog or digital signals, conveyed via acommunication medium such as networks and/or a wireless link.

FIG. 4—Service Through Access Points

FIG. 4 illustrates a method of a user using a PCD 110 at a location 175of a retail entity, according to various embodiments. It is noted thatin various embodiments one or more of the method elements may beperformed concurrently, in a different order, or be omitted. Additionalelements may be performed as desired.

At 70, the user may use PCD 110 to access service through an accesspoint (AP) 120 at location 175 of the retail entity. For instance,service through AP 120 may include services of one or more networksmentioned above. For example, the service may include access to content.The content may include media such as electronic magazines, electronicnewspapers, and/or websites, among others. The content may include mediasuch as audio and/or video. Some or all of said content may be cached ona local cache device 162.

In various embodiments, the content may be provided by the NSP.According to one embodiment, the NSP may provide the content from acomputer system at location 175. In one embodiment, the content may beprovided by one or more content providers, such as content providers160A-160B. In various embodiments, the content may be provided for afee. In several embodiments, the content may be provided afterauthenticating a promotional code. In some embodiments, the content maybe based on a geographic location of PCD 110 and/or AP 120. For moreinformation on the use of geographic location information for providinggeographic based services, please see U.S. Pat. No. 5,835,061,referenced above.

In several embodiments, at 75, a usage by PCD 110 and/or a request forservice from PCD 110 may be detected. In one example, a System ID (e.g.,a SSID and/or ESSID, among others) used by PCD 110 to communicate withAP 120 may be detected. For instance, each wireless AP 120 may beoperable to “listen for” or “detect” a plurality of different System IDswhich may correspond to a plurality of different possible networkproviders or carriers, or which may correspond to unknown networkproviders or carriers. Various embodiments may include various systemsand/or methods for detecting a usage and/or a request for service. Inone embodiment, PCD 110 may attempt to access a web server bytransmitting a request for a web page of the web server. At 77,according to one embodiment, available pricing and/or service optionsmay be determined. In one embodiment, a web page to present to PCD 110may be determined, at 77. For example, the web page may include thedetermined pricing and/or service options. At 78, the web page may betransmitted to PCD 110. According to one embodiment, the web page mayinstruct the user of PCD 110 to submit identification and/orauthentication information. In various embodiments, a redirect (e.g., ahypertext transfer protocol or HTTP 302 redirect) to a web page may betransmitted to PCD 110, at 78.

In several embodiments, PCD 110 may use customized client software torequest service. At 75, the request from or usage of the client softwaremay be detected. Information to send to the client software may bedetermined, at 77. Determining the information to send to the clientsoftware may be based on information received from the request. At 78,the NSP may transmit the information to PCD 110.

In various embodiments, PCD 110 may transmit various authenticationinformation, at 79. In one embodiment, PCD 110 may transmitauthentication information from a web browser to a web server. Accordingto one embodiment, PCD 110 may transmit authentication information fromclient software to a web server or another type of server.

At 80, an authentication process may be used to determine if service maybe granted. In several embodiments, authentication may include a processof identifying an individual. In various embodiments, authentication maybe based on an idea that each individual user has substantially uniqueinformation that sets him or her apart from other users. Authenticationmay be based on a username and password combination, an X.509certificate, or other credentials, such as biometric information from ahuman being based on physiological and/or behavioral characteristics.For instance, the username and password combination may include atelephone number and a personal identification number (PIN). Thebiometric information, for example, may include fingerprint information,a hand geometry, retina information, iris information, facialinformation, signature information, DNA information, and/or voiceinformation, among others.

In various embodiments, authentication information may include paymentinformation. For instance, information (e.g., a web page) transmitted toPCD 110 may request the user to enter credit card or debit cardinformation for access to network service. For example, theauthentication information may include credit card or debit cardinformation.

In several embodiments, prepaid card information may be used asauthentication information. For instance, information (e.g., a web page)transmitted to PCD 110 may request the user to enter prepaid cardinformation for access to network service. For example, a prepaid cardmay include a balance for services associated with a NSP and/or acarrier. When the prepaid card is used for services, an amount of thebalance may be debited from it. The prepaid card information may includea string of characters. The prepaid card information may be entered viaan input device, such as a keyboard or its equivalent. In oneembodiment, a prepaid card may be associated with only one carrier.

In various embodiments, authentication information may include accesscode information. For instance, information (e.g., a web page)transmitted to PCD 110 may request the user to enter access codeinformation for access to network service. According to one embodiment,the authentication information may include an access code. For instance,an access code may be a substantially unique string of charactersdistributed to a user of PCD 110. The access code may be entered via aninput device, such as a keyboard or its equivalent, of PCD 110. For moreinformation on the use of access codes for providing access to networkservices, please see U.S. patent application Ser. No. 10/797,430,referenced above.

In several embodiments, a user of PCD 110 may agree to an “AcceptableUse Policy” (AUP) before service may be granted. The AUP may includevarious definitions of services available to PCD 110. The AUP mayinclude various definitions of services not available to PCD 110. TheAUP may include guidelines and/or restrictions for using one or moreservices and/or acceptable use of the one or more services.

In various embodiments, authentication may be determined at NMD 105. Forexample, an access code may be authenticated at NMD 105. In severalembodiments, NMD 105 and/or PCD 110 may communicate with one or moreremote computers system to determine authentication. In severalembodiments, NMD 105 and/or PCD 110 may communicate with the one or moreremote computer systems using use one or more secure methods and/orsystems. For example, NMD 105 and/or PCD 110 may communicate with theone or more remote computer systems using transport layer security(TLS), HTTPS (secure HTTP), and/or a secure socket layer (SSL). Forexample, the one or more remote computer systems may include amembership server 730 and/or a credit card processing server 740, amongothers. For instance, membership server 730 and/or credit cardprocessing server 740 may provide an authentication response in responseto receiving authentication information. In several embodiments, NMD 105may receive the authentication response and determine if theauthentication response indicates whether or not PCD 110 isauthenticated, at 81.

In various embodiments, the authentication process may includetransmitting the identification and/or authentication informationassociated with the user of PCD 110 to a computer system and may includereceiving an authentication response. If no authentication response wasreceived, access to service may be denied at 82. In one embodiment, apredetermined amount of time may transpire before it may be determinedthat no authentication response was received. If the authenticationresponse indicates the user is not authenticated, access to service maybe denied at 82.

According to one embodiment, at 82, an access level or privilege levelof the user may be set to a lowest possible level. For example, the usermay only have access to specified local and/or limited resources but noexternal service, e.g., service of Internet 170. The specified localresources may include advertising, maps and/or other information of theretail entity and/or surroundings of location 175, and/or onlineshopping, among others. The local and/or limited resources may includelimited access to several web servers available through Internet 170 toprovide advertising, maps and/or other information.

If the authentication response indicates that the user has beenauthenticated, service may be granted. At 85, an authorization processmay be used. In various embodiments, authorization may include a processof granting or denying a user access to one or more network servicesand/or one or more resources (e.g., content). In one embodiment,authorization may commence after the user has been authenticated.According to one embodiment, an amount of services and/or content theuser may access may depend on an authorization level of the user. Forexample, the user may be able to access one or more maps and/oradvertising with a first authorization level. The user may be able toaccess one or more songs and/or videos with a second authorizationlevel. In one embodiment, the authorization level may be determined, atleast in part, by the geographic location of PCD 110 and/or AP 120.According to one embodiment, content provider 160 may determine and/oruse the authorization level for providing content to the user of PCD110. For more information on the use of access and/or authorizationlevels, please see U.S. patent application Ser. No. 09/707,729,referenced above.

At 90, an accounting process may be used. In several embodiments,accounting may include a process of keeping track of a user's activitywhile accessing the services and/or resources. Services and/or resourcesmay include an amount of time spent on a network, services accessedwhile on the network, and/or an amount of data transferred during asession, among others. Accounting information may be used for trendanalysis, capacity planning, billing, auditing, and/or cost allocation,among others. According to one embodiment, the NSP may store at least aportion of the accounting information in a database. In one embodiment,the NSP may store a portion of the accounting information in amanagement information base, such as MIB 150.

In various embodiments, authentication, authorization, and accounting(or “AAA”) processes or services of 80, 85, and 90, respectively, may beused with one or more computer systems to provide AAA processes orservices. RADIUS (Remote Authentication Dial-In User Service) is anexample of an AAA service used by many Internet Service Providers(ISPs). (The RADIUS specification is maintained by a working group ofthe Internet Engineering Task Force, the main standards organization forthe Internet.) When a user connects to the ISP, the user's username andpassword may be transmitted to an AAA server (e.g., a RADIUS server) orto an AAA interface server (e.g., a web server). The AAA server may thencheck that the information is correct and authorize access to the ISP'ssystem. Other protocols for providing an AAA framework may includeDIAMETER (an extension and improvement of RADIUS), EAP (ExtensibleAuthentication Protocol), TACACS (Terminal Access Controller AccessControl System), TACACS+, and/or XTACAS, 802.1x, WPA, 802.11i, amongothers. In several embodiments, these may also be used for applications,such as access to network service or Internet protocol (IP) mobility,and are intended to work in both local AAA and roaming situations.

Roaming Access

In various embodiments, a user may access network services via a carrierwith whom the user has no prior relationship. The user may subscribe toa network provider which is not the carrier. In one embodiment, thenetwork provider may provide the user with a single bill at the end ofthe month for all of his or her network services (or, in some casesprovide for a pre-paid subscription service). The network provider mayprovide or operate various network services itself, or the networkprovider may be considered an “aggregator” that does not own or operateany networks but provides infrastructure for enabling its subscribers togain network service at sites or locations from one or more othernetwork providers and/or carriers. The network provider that has thebilling relationship with the user with whom the carrier has no priorrelationship may be referred to herein as a “roaming partner”. In otherwords, subscribers of a roaming partner may be permitted to roam onvarious network infrastructures provided by one or more other networkproviders and/or one or more carriers.

For example, the carrier and a roaming partner may have an agreement orcontractual relationship that allows subscribers of the roaming partnerto roam on one or more network infrastructures of the carrier. Invarious embodiments, one or more carriers may have agreements with oneor more roaming partners. In other words, subscribers of each of theroaming partners may roam on various network infrastructures controlled,operated, and/or maintained by a carrier.

In several embodiments, various methods and/or systems may enable a userto roam on a network infrastructure. In one embodiment, a user may use aweb browser to obtain roaming network services. According to oneembodiment, a user may use client software to roam on a networkinfrastructure. Various embodiments may include using a standard RADIUSlogin with a RADIUS-qualified username and password.

When a web browser is used, the web browser may receive informationassociated with a welcome page transmitted in 78. The custom welcomepage may permit the user to choose a connection type for accessing theinternet: for example, by purchasing a connection (e.g., using a creditcard or hotel account), by using an existing membership with the serviceprovider, by using a coupon to purchase a connection, or by using aroaming connection with a roaming provider (e.g., entering a RADIUS nameand password).

The user may submit his or her RADIUS username and password. Theusername should be RADUIS-resolvable so that an AAA server 710A from thenetwork provider may properly proxy to an AAA server 710B from theroaming partner. For example, the username may be of the form:“COMPANYX/myusername@CompanyX.com”. According to one embodiment, anauthentication response from AAA server 710B may indicate that the useris not authenticated, at 80. In several embodiments, NMD 105 may receivethe authentication response and determine if the authentication responseindicates whether or not PCD 110 is authenticated, at 81. In variousembodiments, AAA server 710A may receive the authentication response anddetermine if the authentication response indicates whether or not PCD110 is authenticated, at 81. At 82, the user may be denied access if theauthentication response indicates that the user is not authenticated. Inone embodiment, an authentication response from AAA server 710B mayindicate that the user is authenticated, at 80. In various embodiments,PCD 110 may be granted services, such as one or more authorized servicesof the user's account, at 85.

In addition to authentication information, other information may beexchanged between the network provider and the roaming partner. Forexample, the network provider may publish service and fee informationthat is specific to the local site and/or network provider, as well aspotentially providing options for different service categories.Similarly, the roaming partner may be able to provide information to thenetwork provider regarding, for example, account information and/orrestrictions for the customer. For example, the roaming partner mayexchange information with the network provider indicating that the usermay only use a world wide web service. In one embodiment, at 85, thenetwork provider may authorize the user to use the world wide webservice. According to one embodiment, at 90, a RADIUS “start” record maybe generated for accounting purposes. At 95, the user may be allowedaccess to one or more services (e.g., authorized in 85) through AP 120.

When client software is used, an access request may be detected at 75.In one embodiment, the client software may perform a HTTP “GET” to a webserver, not on the subnet to which PCD 110 belongs, to initiate anaccess request. In another embodiment, the client software may perform aHTTP “GET” to a web server, on the subnet to which the PCD belongs, toinitiate an access request. For instance, the web server may have theaddress of the default gateway or default router of the subnet to whichPCD 110 belongs.

When PCD 110 is not currently authenticated for access, at 77,information to transmit to the client software may be determined. Theinformation may include an activation response message. The informationmay be transmitted to PCD 110 (e.g., to the client software) at 78. Forexample, the activation response message may include information that isusable to access Internet 170 (e.g., a router address or other networkaddress for the network provider). The activation response message maybe returned to the client software as a HTTP redirect (e.g., a HTTP 302redirect) to a “Terms and Conditions” web page. In one embodiment, theredirect may include a location identifier for the location 175 as wellas the access procedure identification as described in Table 1. Thelocation identifier and access procedure information may be includedwithin a valid HTML message, such as a message delimited appropriatelywith the <HTML> and </HTML> tags. The HTML message may include othervalid HTML message elements (e.g., HEAD, BODY, etc.). TABLE 1Information Required/ name Type Field format/value optional Router IPHTTP “{URL}?{query Required address redirect parameters}” Access HTML“<!--access Required procedure Comment procedure=WY.1-->” Location HTML“<!--access Required identifier Comment location={location ID}-->” Errorreturn HTML “<!--error={error Required Comment number}-->”

In one embodiment, the {location ID} may include characters such as“wp_” (to identify the network provider or carrier) concatenated withone or more 7-bit ASCII numeric code of one to twenty-nine digits. Thislocation ID may uniquely identify the location at which the access willoccur. The HTML message may include an error return string as shown inthe above table. Error numbers may be defined appropriately (e.g.,0=successful acceptance of request and 255=undefined system error).

According to one embodiment, client software will not perform a HTTP GEToperation to acquire redirected to a location. Rather, the redirect isprovided to pass back the {Query parameters} shown above. To make anauthentication request, the client software may then form a logon URL inthe format “https://roamer.{network provider anddomain}/roamer_login.adp”, where {network provider and domain} indicatesan internet address for the network provider or carrier (e.g.,wayport.net or foobazco.net).

At 79, the client software of PCD 110 may then transmit its user'susername and password to the network provider (e.g., at the routeraddress indicated by the activation response message). The clientsoftware may originate a POST operation to the above-described URL atthe internet protocol (IP) address implied by the logon URL at TCP port443 utilizing a HTTPS (secure HTTP) connection over TCP. The POSTparameters may be constructed by appending the arguments “username” and“password” to the {Query parameters} returned in the activation responseHTML message. The contents of the username and password fields may beencoded as “text/plain”, and the username may include a full NAI(network access identifier) including appropriate roaming-partnerprefixes. In several embodiments, the information may be formatted asshown in Table 2. TABLE 2 Field naming/format specification Required/Field name Type (url encoded) optional Username HTTP POST type=“text”Required input field parameter name=“username” maxsize=“128“ PasswordHTTP POST type=“password” Required input field parameter name=“password”maxsize=“128“

At 80, authentication may be determined. Determining authentication mayinclude the sending the username and password to a roaming partner forauthentication. In one embodiment, an industry-standard RADIUS mechanismmay be used for authentication. When a valid login attempt is receivedfrom the client software, and the RADIUS username begins with aroaming-partner prefix of the form “ROAMING_PARTNER/” an AAA server maybe determined. For example, the determined AAA server may be AAA server710B. A valid RADIUS authentication request (i.e., an Access-Request)may be transmitted to AAA server 7101B of the roaming partner usingstandard RADIUS proxy procedures.

The roaming partner may determine whether a user account isauthenticated (e.g., using the user's RADIUS-compliant username andpassword) and send an appropriate authentication response back to thenetwork provider. In one instance, the roaming partner associated withthe user of PCD 110 may determine if the user account is authenticated.In several embodiments, NMD 105 may receive the authentication responseand determine if the authentication response indicates whether or notPCD 110 is authenticated, at 81. In various embodiments, AAA server 710Amay receive the authentication response and determine if theauthentication response indicates whether or not PCD 110 isauthenticated, at 81.

In one embodiment, a roaming partner may attempt to deliver anauthentication request to an appropriate authentication authority. Theroaming partner may then return the response (typically Access-Accept orAccess-Reject) returned by the authentication authority. According toone embodiment, the roaming partner may not return vendor-specificRADIUS attributes sent by the authentication authority. If no responseis received from the authentication authority, the roaming partner mayreturn an Access-Reject response to the network provider.

If an authentication response indicates that a user account has not beenauthenticated, then access of network services for the user may bedenied, at 82. If the authentication response indicates that the useraccount has been authenticated, then authorization to access networkservices may be granted, at 85.

According to one embodiment, when the logon attempt is successful, anHTML authentication page may be returned to PCD 110. The page mayinclude an HTML comment string of the form “<!--error={errornumber}-->”. The error number may be defined appropriately (e.g.,0=successful acceptance of request, 100=request rejected and loginfailed, 102=RADIUS communication error, and 255=undefined system error).New error numbers and definitions may be promulgated to the roamingpartner by the network provider.

In one embodiment, the authentication page may contain an HTML commentstring of the form “<!--AuthMessage={reply message}-->”. For example,the {reply message} may include the RADIUS Reply-Message attribute whenone is returned in an Access-Reply. The {reply message} may includeanother message (e.g., an error message) as defined by a carrier.

In one embodiment, if the request was successful, the authenticationpage may include an HTML comment of the form “<!--SessionId={sessionkey}-->”. For example, the {session key} may include a substantiallyunique alphanumeric string of at least one and not more than twentycharacters. According to one embodiment, the session key may be cachedby client software until the session has been terminated.

According to one embodiment, the authentication page may also include aparameter which specifies a logout URL and may be of the form“<!--LogoffUrl=‘https://<site-specific logouff URL>’-->”. In oneembodiment, to initiate a logoff, client software may send an HTTP POSToperation to a computer system servicing the logoff URL. The POSToperation may include the session key parameter returned by the lastsuccessful login operation.

In one embodiment, when a logoff attempt is received by a carrier, acomputer system, such as NMD 105, may return an HTML logoff responsepage including an HTML comment string of the form “<!--error={errornumber}-->”. For example, the error number may be defined appropriately(e.g., 0=successful logoff, 4=not logged in, and 255=undefined systemerror).

According to one embodiment, when a session is terminated in response tothe expiration of a billing period, the network provider may invalidatethe session and emit a RADIUS Acct-Request(STOP). If a client session isactive at the time of termination, the network provider may immediatelygenerate an Acct-Request(START). The Acct-Session-Id for the new sessionmay be assigned a substantially unique value.

According one embodiment, a session expiration may occur because theclient has not generated any network traffic for a defined “passivelogout” interval, granted network services may be terminated. Forexample, the user may then receive the custom welcome page on the nextattempt to access any web page. The user may re-institute a networkconnection as described previously.

In one embodiment, a user may get a stop record with a session length ofzero upon quickly disconnecting after authorization. This connection maystill be charged to the user. In various embodiments, use of both awired and a wireless access point may generate separately chargeablesessions.

According to one embodiment, in determining authentication at 80, anAccess-Request may not be acknowledged by a matching Access-Accept orAccess-Reject message within a predetermined amount of time transpiring.In one instance, the user may not be granted access to the service. In asecond instance, the request may be retransmitted to AAA server 710B.For example, an authentication retransmit interval may have a minimum often seconds and a maximum of twenty seconds, and the authenticationretry count may have a minimum of three and a maximum of five.

According to one embodiment, the network provider may return particularvalues for Acct-Terminate-Cause under conditions listed in Table 3.TABLE 3 Condition Value Value name User logout 1 User request Accesslink down 2 Lost carrier Idle timeout 4 No activity Max session timeexceeded 5 Session terminated at conclusion of service billing periodOrderly shutdown of 7 Admin reboot network provider access point orfollowing unexpected system restart

In various embodiments, the network provider may provide a periodic(e.g., monthly) invoice summarizing the charges owed by each roamingpartner. A billing period for invoices may begin, for example, atmidnight GMT on the first day of each calendar month and may endimmediately before the beginning of the next billing period.

Whereas RADIUS AAA using PAP (Password Authentication Protocol) is onemethod of providing authentication information (e.g., the username andpassword), there are other methods available in various embodiments. Forexample, another industry standard method is RADIUS AAA using CHAP(Challenge Handshake Authentication Protocol). Interaction with CHAP istypically more complex than PAP in that a “challenge” has to bepresented and accepted. This interaction can be accomplished in either aweb-based system or in a client-software-based system.

In various embodiments, in the case of a web-based system, a CHAPchallenge calculation may be performed by the web browser using a“plug-in,” a web browser scripting language such as JavaScript orActiveX, or a pre-compiled binary such as a Java Applet. Specifically,in the authentication steps, the following is one embodiment:

-   -   (1) The Login Webserver displays (via HTTPS) a login page which        requests a username and password from the End User.

At this point, a “CHAP Challenge” is embedded into the HTML pagereturned by the Login Webserver, which will be used by JavaScript in thepage to hash the user's password before transmission of the web formsubmission to the web server.

-   -   (2) The User fills-in the username/password fields and clicks        the form submission button. This button results in a form        submission via HTTPS to the Login Webserver.

At this point, instead of directly submitting the entered data, aJavaScript function may be used to hash the End User's password usingthe “CHAP Challenge” embedded in the HTML, or the JavaScript functionitself, and submit the hashed password instead of the plaintextpassword. This system and/or method may have an added security advantageof the password never leaving the client machine.

FIG. 5—Virtual Access Points and Virtual Points of Presence

FIG. 5A-5B are block diagrams illustrating communication of virtualaccess points with respective virtual points of presence, according tovarious embodiments. In some embodiments, AP 120 and NMD 105 may belocated at location 175, as shown in FIG. 5A. In various embodiments, AP120 may be located at location 175 while NMD 105 may not be located atlocation 175, as shown in FIG. 5B.

Various embodiments may enable a plurality of carriers to utilize acommon set of wireless or wired access points at each location 175 toprovide their respective services to each carrier's potentiallynon-overlapping sets of subscribers. This allows use of a single networkinfrastructure at each location 175, which may minimally impact awireless spectrum available at a location 175 while allowing a maximumpossible number of carriers to offer access to network services and/orother services.

In several embodiments, NCS 100 may service a plurality of carriers. Forexample, one or more locations 175 of the retail entity may provideservice to the plurality of carriers (service to subscribers of each ofthe plurality of carriers) through one or more APs 120. For instance,wireless AP 120 may be operable to use a first System ID for a firstcarrier and operable to use a second System ID for a second carrier. TheSystem IDs for the first and second carriers may be IEEE 802.11 ServiceSet Identifiers (SSIDs) and/or Extended Service Set Identifiers(ESSIDs).

One or more of the wireless APs 120, NMD 105, and/or MIB 150 may includesoftware that enables wireless APs 120 to accommodate or service usersof a plurality of different locations and/or different carriers. Thus, awireless AP 120 may be operable to appear as any one of a plurality ofdifferent location wireless APs, meaning that a single wireless AP may“pretend to be” or behave as an access point dedicated to a particularlocation and/or carriers for each of a plurality of different locationsand/or carriers. In other words, according to various embodiments,wireless AP 120 may execute one or more software programs that allow itto act as a wireless AP or virtual AP (VAP) 125 for each of theplurality of locations and/or carriers. These locations may includelocations 175C-175D shown in FIG. 3B. Thus, a wireless AP 120 may becapable of broadcasting and/or recognizing any of a plurality of systemidentifications (SIDS) and maintaining associations between the SIDS andthe users of the respective locations and/or one or more carriers. Theidentification information may be a System ID (an IEEE 802.11 SystemID), a MAC ID of a wireless Ethernet device comprised in the PCD 110,the name of the location or a name of a carrier, or other type ofinformation that identifies one or more locations and/or one or morecarriers providing network access. Where the wireless network iswireless Ethernet (IEEE 802.11), the identification information orSystem ID may include a SSID (Service Set ID), an ESSID (ExtendedService Set ID) and/or a BSSID (Basic Service Set ID), among others. Formore information on virtual access points, please see U.S. patentapplication Ser. No. 09/767,374, referenced above.

In various embodiments, software and/or information may enable NMD 105to accommodate or service subscribers of a plurality of differentcarriers. The software and/or information may implement one or morevirtual points of presence. In one example, instead of using a separateNMD for each carrier supported at a location 175, NMD 105 may beoperable to appear as a point of presence to any one of a plurality ofdifferent carriers at location 175, meaning that a single NMD may“pretend to be” or behave as a point of presence dedicated to aparticular carrier for each of a plurality of different carriers. Forinstance, the retail entity or the NSP may, itself, offer services at alocation 175. Software and/or information may implement a defaultvirtual point of presence. In a second example, instead of using aseparate NMD for the default virtual point of presence at location 175,NMD 105 may be operable to appear as a default virtual point of presenceat location 175, meaning that a single NMD may “pretend to be” or behaveas the default virtual point of presence dedicated to location 175.Software and/or information may enable NMD 105 to accommodate or serviceemployees and/or equipment of the retail entity. Software and/orinformation may implement an internal point of presence. In a thirdexample, instead of using a separate NMD for the internal point ofpresence at location 175, NMD 105 may be operable to appear as theinternal point of presence at location 175, meaning that a single NMDmay “pretend to be” or behave as the internal point of presencededicated to location 175.

In several embodiments, NMD 105 may include software that enables it tobehave appropriately for each of a plurality of carriers, a defaultpoint of presence, and/or an internal point of presence. For example,instead of implementing a plurality of virtual points of presence, i.e.,instead of storing and executing a plurality of virtual carrier points,the default point of presence, and/or the internal point of presence ofpresence software program instantiations, a single softwareinstantiation may enable this operation. In various embodiments, eachvirtual carrier point of presence, the default point of presence, and/orthe internal point of presence may entail one or more software programs,and each instantiation of a virtual carrier point of presence, thedefault point of presence, and/or the internal point of presence mayutilize a separate instantiation or replication of these one or moresoftware programs. In one embodiment, a single instantiation of one ormore software programs may enable the physical point of presence or NMD105 to behave appropriately for each of a plurality of carriers, thedefault point of presence, and/or the internal point of presence.

In various embodiments, wireless AP 120 may include a plurality ofvirtual access points (VAPs) 125. According to one embodiment, each VAP125A-125D may be, respectively, coupled to a virtual point of presence(VPOP) 135A-135D, as shown in FIGS. 5A-5B. For example, each VAP125A-125C may be, respectively, coupled to a carrier virtual point ofpresence (CVPOP) 135A-135C. In several embodiments, each VPOP 135 mayinclude customized functionality associated with one or more systemsand/or methods described above with regards to FIG. 4. In oneembodiment, each VPOP 135 may present its own web page at 78 of FIG. 4.For instance, default virtual point of presence 135D may present aco-branded web page at 78 of FIG. 4. In one example, the web page mayinclude one or more advertisements for one or more carrier servicesavailable at location 175. In a second example, the web page may beconsidered the main web page. In a third example, the web page mayinclude one or more links to one or more CVPOPs 135A-135C.

In various embodiments, an employee of the retail entity may accessvarious corporate networks of the retail entity, such as corporatenetwork 101, and/or various equipment of the retail entity, such as BODs102, through the internal point of presence. For instance, one or moreBODs 102 such as cash registers and/or credit card debiting computingdevices may use one or more network services available through theinternal point of presence of NMD 105. An employee of the retail entity,such as a manager or a person of the wait-staff, may use a PCD 110C toaccess one or more food and/or beverage ordering systems through theinternal point of presence of NMD 105, for example. According to oneembodiment, a user of PCD 110C may submit authentication informationwith regards to 79 of FIG. 4. The authentication information may betransmitted to a computer system of the retail entity which maydetermine authentication in 80 and provide an authentication response toNMD 105. Program instructions implementing internal point of presence137 may determine if the authentication response indicates whether ornot the user of PCD 110C is authenticated, at 81. If the user isauthenticated, the user may be granted services that are authorized at85. In various embodiments, internal point of presence 137 may providepolicy based routing for communications with various computer systemsavailable within and outside NCS 100. If the user is not authenticated,the user may be denied service, at 82.

In several embodiments, a VAP 125 may be coupled to a CVPOP 135A, adefault virtual point of presence (DVPOP) 135D, or an internal virtualpoint of presence (IVPOP) 137 through with one or more virtual localarea networks (VLANs) (IEEE 802.1q). For instance, wireless AP 120 andNMD 105 may communicate using tagged VLANs. For example, VAP 125A maycommunicate with CVPOP 135A using a first VLAN tag. VAP 125B maycommunicate with CVPOP 135B using a second VLAN tag. VAP 125D maycommunicate with DVPOP 135D using a third VLAN tag. VAP 125E maycommunicate with IVPOP 137 using a fourth VLAN tag. In variousembodiments, wireless AP 120 may use a different VLAN tag to communicateinformation from each PCD 110 to NMD 105 where each PCD 110 uses adifferent System ID (e.g., SSID and/or ESSID, among others). In severalembodiments, a PCD 110 may communicate with DVPOP 135D, IVPOP 137 and/orCVPOP 135A using one or more secure systems and/or methods.

In various embodiments, a VAP 125 may be coupled to a CVPOP 135A, aDVPOP 135D, or an IVPOP 137 by one or more tunnels. In severalembodiments, each tunnel may use a different tunneling protocol. Atunneling protocol may include point to point tunneling protocol (PPTP),point to point over Ethernet (PPoE), general route encapsulation (GRE),IPSec, and/or IP-in-IP, among others.

FIG. 6—Communication with Multiple Carriers

FIG. 6A-6B are block diagrams illustrating communication with multiplecarriers, according to various embodiments. In some embodiments, AP 120and NMD 105 may be located at location 175, as shown in FIG. 6A. Invarious embodiments, AP 120 may be located at location 175 while NMD 105may not be located at location 175, as shown in FIG. 6B. In someembodiment, wireless AP 120 may include VAP 125A, 125B, and 125E.

For example, a first carrier may include a name such as “The FoobazcoTelephone Company”. A PCD 110A may use a SSID and/or ESSID of “Foobazco”to communicate with wireless AP 120. In one embodiment, PCD 110A may usethe SSID and/or ESSID of “Foobazco” to communicate with VAP 125A. Forinstance, this may indicate that that the one or more PCDs 110 using theSSID and/or ESSID of “Foobazco” to communicate with wireless AP 120 areassociated with the first carrier. In one embodiment, elements of NCS100 may present CVPOP 135A to PCD 11A.

In various embodiments, the Foobazco Telephone Company may compensatethe NSP (e.g., pay the NSP a fee) for wireless AP 120 to broadcast theSSID and/or ESSID of “Foobazco”. Broadcasting the SSID and/or ESSID mayindicate that one or more services of the first carrier may be availablethrough wireless AP 120.

A second carrier may include a name such as “The Wellcent CellularTelephone Corporation”. A PCD 110B may use a SSID and/or ESSID of“Wellcent” to communicate with wireless AP 120. In one embodiment, PCD110B may use the SSID and/or ESSID of “Wellcent” to communicate with VAP125B. For instance, this may indicate that that the one or more PCDs 110using the SSID and/or ESSID of “Wellcent” to communicate with wirelessAP 120 are associated with the second carrier. In one embodiment,elements of NCS 100 may present CVPOP 135B to PCD 110B.

In various embodiments, the Wellcent Cellular Telephone Corporation maycompensate the NSP (e.g., pay the NSP a fee) for wireless AP 120 tobroadcast the SSID and/or ESSID of “Wellcent”. Broadcasting the SSIDand/or ESSID may indicate that one or more services of the secondcarrier may be available through wireless AP 120.

In several embodiments, wireless AP 120 may concurrently use the SystemIDs such as SSIDs and/or ESSIDs of “Foobazco” and “Wellcent”, amongothers, to communicate with one or more PCDs 110. In variousembodiments, wireless AP 120 may concurrently broadcast “Foobazco” and“Wellcent”, among others.

FIG. 7—Service Through Multiple Carriers

FIG. 7 illustrates a flowchart of a customer or subscriber of a firstcarrier using a first PCD, such as PCD 110A, at a location 175 of aretail entity and a customer or subscriber of a second carrier using asecond PCD, such as PCD 110B, at location 175 of the retail entity,according to various embodiments. For example, at 70A, PCD 110A may usea SSID and/or ESSID of “Foobazco” to communicate with AP 120. This mayindicate the first carrier. PCD 110B may use a SSID and/or ESSID of“Wellcent” to communicate with AP 120, at 70B. This may indicate thesecond carrier. It is noted that in various embodiments one or more ofthe flowchart elements may be performed concurrently, in a differentorder, or be omitted. Additional elements may be performed as desired.

At 75, usage by PCD 110A and/or PCD 110B or a request for service fromPCD 110A and/or PCD 110B may be detected. Various embodiments mayinclude various systems and/or methods for detecting a usage and/or arequest for service. In one embodiment, PCD 110A and/or PCD 110B mayattempt to access one or more web servers. At 77, information may bedetermined to send to a PCD 100. The information may include variousoptions which may be based on a SSID and/or ESSID used to communicatewith wireless AP 120. According to one embodiment, determininginformation at 77 may include determining program instructions toexecute and/or data to transmit to a PCD 110. For example PCD 110A mayuse VAP 125A, as discussed above. At 77, program instructions associatedwith CVPOP 135A may be executed. PCD 10B may use VAP 125B, as discussedabove. At 77, program instructions associated with CVPOP 135B may beexecuted.

In various embodiments, the information may include a web page. Inseveral embodiments, the information may include a redirect (e.g., ahypertext transfer protocol or HTTP 302 redirect) to the web page.

In various embodiments, determined information may indicate that the webpage presented to PCD 110A be a web page associated with the firstcarrier. The web page may include content such as advertisements and/orpromotions associated with the first carrier. The advertisements and/orpromotions may be based on a geographic location of PCD 110A and/orwireless AP 120. In one embodiment, the user of PCD 110A may bepresented with specified content and/or service through wireless AP 120until the user is authenticated. For example, before the user isauthenticated, the user may only have access to information associatedwith the first carrier and/or location 175 of the retail entity. Forinstance, the user may access one or more web pages before he or she isauthenticated. These web pages may be considered a “walled-garden”. Thewalled-garden may include information associated with an authenticationprocess or method that the user of PCD 110A may use. At 78A, a firstwalled-garden or a portion of the first walled garden may be transmittedto PCD 11 OA. In one embodiment, the first walled-garden may be producedby program instructions included in CVPOP 135A.

In several embodiments, the user of PCD 110B may be presented a second,different, walled-garden, at 78B. For example, the second walled-gardenmay include information and/or content associated with the secondcarrier. In one embodiment, the second walled-garden may be produced byprogram instructions included in CVPOP 135B. In various embodiments, theusers of PCD 110A and PCD 10B may proceed with method elements 79-95with reference to FIG. 4.

Wireless Access Point Usage of Multiple Channels

In various embodiments, wireless APs 120 may concurrently use one of aplurality of different RF (radio frequency) channels for communicationwith computing devices of users. In one example, wireless AP 120 can useone of RF channels 1 through 11. As is well known, RF channels 1, 6 and11 are non-overlapping, with the remainder of these channels beingpartially overlapping with other channels. In a second example, wirelessAP 120 may use one or more channels in a first frequency band such as2.4 GHz and concurrently use one or more channels in a second frequencyband such as 5 GHz. In one embodiment, channels in one frequency bandmay provide more bandwidth than channels in another frequency band. Theterm “frequency band” may be used to describe any range of contiguousradio frequencies.

In several embodiments, each wireless AP 120 can communicate on one ormore, e.g. a plurality of or all of, the available wireless channels,e.g., the available RF channels. Furthermore, each of the wireless AP120 may control which channel PCD 110 is able to use. In one embodiment,each PCD 110 may scan each of the RF channels until it detects awireless AP 120 at one of the channels.

In one embodiment, one or more of the wireless APs 120 may each utilizea plurality of the RF channels, e.g., may use each of thenon-overlapping channels 1, 6 and 11 to effectively provide up to threetimes the channel capacity. Thus, one or more of the wireless APs 120may be able to control allocations of a plurality or all of therespective RF channels to selectively obtain higher bandwidth whenappropriate, or to simply accommodate a greater number of computingdevices 110. Thus, if wireless AP 120A using only one RF channel couldonly handle fifty computing devices 110 on that respective channel, thewireless AP 120A may operate to use three non-overlapping RF channels toeffectively triple this capacity to a total of 150 concurrent orsimultaneous PCDs 110.

In one example, if wireless AP 120A is only communicating with one PCD110, then the wireless AP 120A may optionally or selectively use threenon-overlapping RF channels to produce effectively three times thebandwidth for this communication. As additional PCDs 110 come intocommunication with the wireless AP 120A, wireless AP 120A mayselectively allocate different channels to different ones of these PCDs110 as needed. Further, if more than three computing devices arecommunicating with wireless AP 120A, wireless AP 120A may partition oneor more of the respective channels for the respective PCDs 110, such asusing wireless Ethernet Collision Sense Multiple Access/CollisionDetection (CSMA/CD) or other multiple access schemes such as TDMA, FDMA,or CDMA, among others.

In one embodiment, as described above with respect to block 77, awireless AP of the wireless APs 120A-120B operates to direct a computingdevice 110 to an available channel, possibly based on one or moreattributes associated with the access code received from the computingdevice 110. Thus the wireless AP, not the computing device, may assignchannels for communication. For example, wireless AP 120B may operate todirect a computing device 110 to an available communication channel(e.g., an RF channel) based on the identification information, e.g., theSystem ID, received from the computing device 110. The wireless AP 120Bmay also operate to direct PCD 110 to an available communication channelbased on other types of identification or authentication information, oron the determined access of the computing device. This allows wirelessAP 120B to separate the communication traffic onto different channelsbased on the network provider being used, or based on the access orprivilege level of computing device 110. For example, wireless AP 120Bmay assign a computing device 110 a communication channel based onwhether the computing device 110 has access to private portions of thenetwork.

Other Types of Entities

In various embodiments, other types of entities may possibly participatein one or more systems and/or methods described herein in lieu of or inaddition to carriers. These other types of entities may include anyentity which may have a group that may use services described above. Forexample, a bank may offer services described herein at one or moreretail entity locations to its account holder and/or credit cardholders. For instance, a holder of a MasterCard® or a specificMasterCard, such as offered by a specific bank (e.g., MBNA or CapitalOne, among others), may be allowed access at one or more retail entitiesby submitting his or her MasterCard information. In various examples, acollege or university may offer services described herein at one or moreretail entity locations to its students, professors, alumni, and/orstaff; or an on-line dating service may offer services described hereinat one or more retail entity locations to its subscribers; among othertypes of entities.

Further modifications and alternative embodiments of various aspects ofthe invention may be apparent to those skilled in the art in view ofthis description. Accordingly, this description is to be construed asillustrative only and is for the purpose of teaching those skilled inthe art the general manner of carrying out the invention. It is to beunderstood that the forms of the invention shown and described hereinare to be taken as embodiments. Elements and materials may besubstituted for those illustrated and described herein, parts andprocesses may be reversed, and certain features of the invention may beutilized independently, all as would be apparent to one skilled in theart after having the benefit of this description of the invention.Changes may be made in the elements described herein without departingfrom the spirit and scope of the invention as described in the followingclaims.

1. A method for providing wireless network services, the methodcomprising: providing a plurality of wireless access points at aplurality of locations of at least one retail entity, wherein theplurality of wireless access points are installed by a wireless serviceprovider; and the wireless service provider receiving a first paymentfrom a first carrier entity for installation of the plurality ofwireless access points at the plurality of locations of the at least oneretail entity.
 2. The method of claim 1, further comprising: thewireless service provider storing information in a computer system,wherein the information stored in the computer system is associated withthe first payment from the first carrier to the wireless serviceprovider.
 3. The method of claim 1, further comprising: a computersystem operated by the first carrier entity providing invoices to aplurality of users, wherein the invoices charge for wireless access atany of the plurality locations of the at least one retail entity.
 4. Themethod of claim 3, wherein the invoices charge for (a) wireless accessat any of a plurality locations of at least one retail entity; and (b)at least one of local or long distance telephone service.
 5. The methodof claim 3, wherein the invoices charge for (a) wireless access at anyof a plurality locations of at least one retail entity; and (b) at leastcable television service.
 6. The method of claim 1, further comprising:a portable computing device operated by a first user communicating witha wireless access point at one of said locations of the at least oneretail entity; determining if the first user is a subscriber of thefirst carrier entity for wireless access at the plurality locations ofthe at least one retail entity; and providing wireless access to theportable computing device of the first user if the first user is asubscriber of the carrier entity for wireless access at the pluralitylocations of the at least one retail entity.
 7. The method of claim 6,further comprising: requesting payment from the first user if the firstuser is not a subscriber of the carrier entity for wireless access atthe plurality locations of the at least one retail entity.
 8. The methodof claim 7, further comprising: the portable computing device providingpayment information to a computer system operated by the first carrierentity.
 9. The method of claim 8, wherein the payment informationincludes credit card information.
 10. The method of claim 1, furthercomprising: a second carrier entity providing payment to the wirelessservice provider for operation of the plurality of wireless accesspoints at the plurality of locations of the at least one retail entity;and a computer system operated by the second carrier entity providinginvoices to a plurality of users, wherein the invoices charge forwireless access at any of a plurality locations of at least one retailentity.
 11. A method for providing wireless network services, the methodcomprising: providing a plurality of wireless access points at aplurality of locations of at least one retail entity, wherein theplurality of wireless access points are installed by a wireless serviceprovider; a first carrier entity providing a first payment to thewireless service provider for installation of the plurality of wirelessaccess points at the plurality of locations of the at least one retailentity; and a computer system operated by the first carrier entityproviding invoices to a plurality of users, wherein the invoices chargefor wireless access at any of a plurality locations of at least oneretail entity.
 12. The method of claim 11, further comprising: aportable computing device operated by a first user communicating with awireless access point at one of said locations of the at least oneretail entity; determining if the first user is a subscriber of thefirst carrier entity for wireless access at the plurality locations ofthe at least one retail entity; and providing wireless access to theportable computing device of the first user if the first user is asubscriber of the carrier entity for wireless access at the pluralitylocations of the at least one retail entity.
 13. The method of claim 12,further comprising: requesting payment from the first user if the firstuser is not a subscriber of the carrier entity for wireless access atthe plurality locations of the at least one retail entity.
 14. Themethod of claim 11, further comprising: a second carrier entityproviding payment to the wireless service provider for operation of theplurality of wireless access points at the plurality of locations of theat least one retail entity; and a computer system operated by the secondcarrier entity providing invoices to a plurality of users, wherein theinvoices charge for wireless access at any of a plurality locations ofat least one retail entity.
 15. The method of claim 11, wherein thefirst payment made by the carrier entity substantially pays for theinstallation of the plurality of wireless access points.
 16. The methodof claim 11, wherein the carrier entity is a regional bell operatingcompany.
 17. The method of claim 11, wherein the invoices charge for (a)wireless access at any of a plurality locations of at least one retailentity; and (b) at least one of local or long distance telephone service18. The method of claim 11, wherein the first payment is based on thenumber of the plurality of locations.
 19. The method of claim 11,wherein the plurality of locations comprise at least 100 locationsspread across a large geographic area.
 20. A method for providingwireless network services, the method comprising: providing a pluralityof wireless access points at a plurality of locations of at least oneretail entity, wherein the plurality of wireless access points areoperated by a wireless service provider; a plurality of carrier entitiesproviding payment to the wireless service provider for operation of theplurality of wireless access points at the plurality of locations of theat least one retail entity; and for each of the plurality of carrierentities, a computer system operated by a respective carrier entityproviding invoices to a respective plurality of users, wherein theinvoices charge for wireless access at any of a plurality locations ofat least one retail entity.
 21. The method of claim 20, furthercomprising: a portable computing device operated by a first usercommunicating with a wireless access point at one of said locations ofthe at least one retail entity; and the wireless access pointbroadcasting a plurality of system identifiers, wherein each of thesystem identifiers corresponds to one of the carrier entities.
 22. Amethod for providing wireless network services, the method comprising:providing a plurality of wireless access points at a plurality oflocations of at least one retail entity, wherein the plurality ofwireless access points are installed by a wireless service provider,wherein at least a substantial portion of the installation of theplurality of wireless access points is paid for by a first carrierentity; and a computer system operated by the first carrier entityproviding invoices to a plurality of users, wherein the invoices chargefor wireless access at any of a plurality locations of at least oneretail entity.
 23. A system for providing wireless network services, thesystem comprising: a plurality of wireless access points located at aplurality of locations of at least one retail entity, wherein theplurality of wireless access points are installed by a wireless serviceprovider; wherein a first carrier entity is operable to provide a firstpayment to the wireless service provider for installation of theplurality of wireless access points at the plurality of locations of theat least one retail entity; a computer system operated by the firstcarrier entity which is operable to provide invoices to a plurality ofusers, wherein the invoices charge for wireless access at any of aplurality locations of at least one retail entity.
 24. A method forproviding wireless network services, the method comprising: providing aplurality of wireless access points at a plurality of locations of atleast one retail entity, wherein the plurality of wireless access pointsare installed by a wireless service provider; a first carrier entityproviding a first payment to the wireless service provider forinstallation of the plurality of wireless access points at the pluralityof locations of the at least one retail entity; a portable computingdevice operated by a first user communicating with a wireless accesspoint at one of said locations of the at least one retail entity; andthe first user paying an access fee to a computer system operated by thefirst carrier entity.
 25. The method of claim 24, further comprising:determining if the first user is a subscriber of the first carrierentity for wireless access at the plurality locations of the at leastone retail entity; and providing wireless access to the portablecomputing device of the first user if the first user is a subscriber ofthe carrier entity for wireless access at the plurality locations of theat least one retail entity.
 26. A method for providing wireless networkservices, the method comprising: providing a plurality of wirelessaccess points at a plurality of locations of at least one retail entity,wherein the plurality of wireless access points are installed by anetwork service provider; and configuring the plurality of wirelessaccess points at the plurality of locations of the at least one retailentity, thereby allowing a plurality of subscribers of a first carrierto use the plurality of wireless access points.
 27. A method forproviding wireless network services, the method comprising: providing aplurality of wireless access points at a plurality of locations of atleast one retail entity, wherein the plurality of wireless access pointsare installed by a network service provider; and a first wireless accesspoint of the a plurality of wireless access points receiving systemidentification information from a portable computing device, wherein thesystem identification information indicates a carrier of a plurality ofpossible carriers, wherein said first access point includes a memorymedium which stores a data structure comprising a list of systemidentification information entries each indicating at least one carrierof the plurality of possible carriers; determining the carrier for theportable computing device after receiving the system identificationinformation, wherein said determining the carrier for the portablecomputing device includes accessing the memory medium and using thereceived system identification information to determine the carrier;determining one or more services of the carrier after determining thecarrier for the portable computing device, wherein said determining theone or more services of the carrier includes accessing a second memorymedium and using the determined carrier to determine the one or moreservices of the carrier; and providing the one or more services of thecarrier determined in said determining one or more services of thecarrier to the portable computing device through the first access point.28. The method of claim 27, wherein the system identification is an IEEE802.11 system identification.
 29. The method of claim 28, wherein theIEEE 802.11 system identification is a service set identifier (SSID).30. The method of claim 28, wherein the IEEE 802.11 systemidentification is a basic service set identifier (BSSID).
 31. The methodof claim 28, wherein the IEEE 802.11 system identification is anextended service set identifier (ESSID).
 32. The method of claim 27,wherein the one or more services includes access to a network; whereinthe one or more services includes information indicating anauthentication process to acquire access to the network; the methodfurther comprising: the portable computing device transmittingauthentication information to the first access point; determining anauthentication result based on whether the authentication information isauthenticated; if the authentication result indicates the authenticationinformation is authenticated, providing access to the network; if theauthentication result indicates the authentication information is notauthenticated, denying access to the network.
 33. The method of claim32, wherein the authentication information includes a username andpassword.
 34. The method of claim 33, the method further comprising:wherein the username and password is associated with a user account of aroaming partner of the determined carrier; the method furthercomprising: transmitting the username and password to the roamingpartner; wherein the roaming partner performs said determining theauthentication result.
 35. The method of claim 32, wherein theauthentication information includes payment information.
 36. The methodof claim 35, wherein the payment information includes credit cardinformation.
 37. The method of claim 36, further comprising: thedetermined carrier debiting an account associated with the credit cardinformation.
 38. The method of claim 32, wherein the authenticationinformation includes prepaid card information.
 39. The method of claim32, wherein the authentication information includes access codeinformation.
 40. The method of claim 32, wherein said transmittingauthentication information includes using a web browser to transmit theauthentication information.
 41. The method of claim 32, wherein saidtransmitting authentication information includes using client softwareto transmit the authentication information.
 42. A network system,comprising: a network; a plurality of access points coupled to thenetwork, wherein the plurality of access points are distributed among aplurality of locations of at least one retail entity, wherein theplurality of wireless access points are installed by a network serviceprovider, wherein each of the plurality of access points is operable tocommunicate with a portable computing device, wherein each of theplurality of access points is configured to receive systemidentification information from the portable computing device indicatinga carrier of a plurality of possible carriers, wherein each of theplurality of access points includes a memory medium which stores a datastructure, wherein the data structure comprises a list of systemidentification information entries and corresponding carriers, whereineach entry indicates a respective carrier of the plurality of possiblecarriers; wherein each of the plurality of access points is operable todetermine the carrier indicated in the system identificationinformation; wherein, in determining the carrier for the portablecomputing device, each of the plurality of access points is operable toaccess the memory medium and use the received system identificationinformation to determine the carrier; wherein one or more services ofthe determined carrier are provided to the portable computing device.43. The network system of claim 42, wherein the system identification isan IEEE 802.11 system identification.
 44. The network system of claim43, wherein the IEEE 802.11 system identification is a service setidentifier (SSID).
 45. The network system of claim 43, wherein the IEEE802.11 system identification is a basic service set identifier (BSSID).46. The network system of claim 43, wherein the IEEE 802.11 systemidentification is an extended service set identifier (ESSID).
 47. Thenetwork system of claim 42, wherein each access point is operable tobroadcast a plurality of system identifications.
 48. The network systemof claim 42, further comprising: a plurality of back office devicescoupled to the network, wherein each back office device is operated bythe at least one retail entity, wherein each location of the at leastone retail entity includes at least one back office device.
 49. Thenetwork system of claim 48, further comprising: a credit card clearinghouse coupled to the network; wherein a subset of the plurality of backoffice devices coupled to the network are operable to read credit cardinformation and transmit the credit card information through the networkto the credit card clearing house.
 50. The network system of claim 48,wherein each of the plurality of office devices coupled to the networkcommunicate using at least a first virtual local area network (VLAN)tag; wherein each of the plurality of access points coupled to thenetwork communicate using at least a second VLAN tag;
 51. The networksystem of claim 42, wherein at least a subset of the identificationinformation entries each indicate at least one virtual local areanetwork (VLAN).
 52. The network system of claim 51, wherein each VLANspecifies a carrier.
 53. The network system of claim 52, wherein theindicated VLAN is used in providing the one or more services of thedetermined carrier.
 54. The network system of claim 42, wherein thenetwork is operable to support IEEE 802.1p.
 55. The network system ofclaim 42, wherein the network is operable to enforce a predefinedquality of service metric to a virtual port within the network.